★ Post-audit code changes without re-audit
Multipli's assessment for RD-F-139 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Shieldify Vault audit PDF hosted in repo is dated 2025-07-08. GitHub last commit date is 2026-01-16 — approximately 6 months of changes post-audit. No re-audit of post-July 2025 changes confirmed. Pending Shieldify MULT token audit #151 (2026-05, 'Soon') covers token only, not vault changes. Delta between audited commit and 2026-01-16 HEAD is unknown. Assessed yellow: no confirmed exploit; extent of post-audit changes unknown; 'Barebones' caveat may mean production deployment is closer to audited code.
Sources #
- GitHubMultipli repo — audit dated 2025-07-08; last commit 2026-01-16 (6-month gap)multipli-libs/Barebones-MultipliVault: audits/multipli-vault-security-review-shieldify-2025-07-08.pdf; last commit 2026-01-16retrieved 2026-05-17
- 00-data-cache.json and 00-profile.md §8 audit tablecache github.last_commit_date=2026-01-16; profile §8: Shieldify #95 2025-06, #151 2026-05 pending (token audit only)retrieved 2026-05-17
Methodology #
Count deployed changes to audited bytecode where no subsequent audit or spot-review covers the changed code.
See the full factor methodology and distribution across all protocols →